In a bid to fortify data security within China’s industrial domain and effectively mitigate “major risks” by the culmination of 2026, the Ministry of Industry and Information Technology (MIIT) of China has revealed an extensive plan.
The unveiling of this plan comes amidst heightened tensions between China and the United States, with both nations frequently levelling accusations of cyberattacks and industrial espionage against each other.
A report by Reuters last year shed light on the accelerated endeavors of Chinese government bodies and state-owned enterprises to supplant Western-made hardware and software with indigenous alternatives. Such endeavors were partly propelled by apprehensions of hacking activities orchestrated by foreign adversaries.
Outlined on the official website of MIIT, the plan elucidates strategies to counter prevalent risk scenarios including ransomware attacks, vulnerability backdoors, illicit operations by personnel, and unregulated remote operation and maintenance.
“We will bolster risk self-examination and self-correction, and implement precise management and protective measures,” as stated in the plan.
By the close of 2026, protective measures, encompassing emergency drills simulating ransomware assaults, are mandated to be enforced across over 45,000 companies operating within China’s industrial sector. This initiative is slated to encompass at least the top decile in terms of revenue from each Chinese province.
Furthermore, the plan is geared towards conducting 30,000 data security training sessions and nurturing 5,000 data security “talents” within the stipulated timeframe.
Over the past three years, China has significantly tightened regulations pertaining to the storage and transmission of user data by its enterprises, citing concerns over national security. Notably, Chinese ride-hailing behemoth Didi was slapped with a hefty $1.2 billion fine in July 2022 owing to breaches in data security.
In December, the Ministry of State Security sounded a cautionary note, highlighting the utilization of foreign geographic information software for the collection of sensitive data in critical sectors, including the military.
Coinciding with this, MIIT put forth a four-tier classification system in the same month, aimed at enhancing its responsiveness to incidents pertaining to data security.